  1. Generate hivemq_values.yaml:

    Deploy HiveMQ using the HiveMQ Platform and generate the hivemq_values.yaml file:

    Code Block
    helm show values hivemq/hivemq-platform > hivemq_values.yaml
  2. Configure ESE License:

    Configure the ESE license by following the steps in "Setting Up HiveMQ License for Your HiveMQ Cluster using HiveMQ Platform Operator".

  3. Create config.xml for ESE:

    • Examples of the config.xml file are in the extension folder under conf/examples.

    • Configure the sql-realm with your database name, host, username, and password.

    • Configure the listener-pipeline, setting <use-authorization-key> to false and <use-authorization-role-key> to true.

    • Please refer to the example:

      Code Block
      <?xml version="1.0" encoding="UTF-8" ?>
      <enterprise-security-extension
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:noNamespaceSchemaLocation="config.xsd"
              version="1">
          <realms>
              <!-- a postgresql db-->
              <sql-realm>
                  <name>postgres-backend</name>
                  <enabled>true</enabled>
                  <configuration>
                      <db-type>POSTGRES</db-type>
                      <db-name>hivemq</db-name>
                      <db-host>postgres-servicename or host</db-host>
                      <db-port>5432</db-port>
                      <db-username>hivemq</db-username>
                      <db-password>password</db-password>
                  </configuration>
              </sql-realm>
          </realms>
          <pipelines>
              <!-- secure access to the mqtt broker -->
              <listener-pipeline listener="ALL">
                  <!-- authenticate over a sql db -->
                  <sql-authentication-manager>
                      <realm>postgres-backend</realm>
                  </sql-authentication-manager>
                  <!-- authorize over a sql db -->
                  <sql-authorization-manager>
                      <realm>postgres-backend</realm>
                      <use-authorization-key>false</use-authorization-key>
                      <use-authorization-role-key>true</use-authorization-role-key>
                  </sql-authorization-manager>
              </listener-pipeline>
          </pipelines>
      </enterprise-security-extension>
  4. Create ConfigMap for ESE configuration:

    Code Block
    kubectl create configmap ese-config --from-file config.xml -n <namespace>
  5. Deploy HiveMQ Platform Operator:

    Code Block
    helm install platform-op hivemq/hivemq-platform-operator -n <namespace>
  6. Edit hivemq_values.yaml: Modify the hivemq_values.yaml file to include ESE-related changes.

    1. Disable the hivemq-allow-all-extension

      Code Block
      extensions:
        - name: hivemq-allow-all-extension
          enabled: false
      ...
    2. Set configMapName to the name of the ConfigMap created earlier (ese-config) and set enabled: true to enable this extension.

      Code Block
      ...
      extensions:
        - name: hivemq-enterprise-security-extension
          enabled: true
          configMapName: "ese-config"
      ...
      
  7. Override StatefulSet Configuration:
    Each SQL realm must create a JDBC connection to the configured database instance. Creating the connection requires a database-specific JDBC driver. This driver is not packaged with the ESE, so it must be downloaded first.

    Either create a separate file for your StatefulSet or add it to the existing hivemq_values.yaml.

    1. To override the StatefulSet from a separate file, stateful-set-spec.yaml, generate a template with the following command and edit output/templates/hivemq-custom-resource.yml.

      Code Block
      helm template my-hivemq-platform hivemq/hivemq-platform --output-dir ./output

      Code Block
      spec:
        replicas: 2
        template:
          spec:
            containers:
              - name: hivemq
                env:
                  - name: JAVA_OPTS
                    value: "-XX:+UnlockExperimentalVMOptions -XX:InitialRAMPercentage=50 -XX:MaxRAMPercentage=50"
                image: "docker.io/hivemq/hivemq4:4.24.0"
                imagePullPolicy: IfNotPresent
                ports:
                  - name: mqtt-1883
                    containerPort: 1883
                  - name: cc-8080
                    containerPort: 8080
                    # Metric container ports are not configurable right now
                  - name: metrics-9399
                    containerPort: 9399
                resources:
                  limits:
                    cpu: "1024m"
                    memory: "2048M"
                  requests:
                    cpu: "1024m"
                    memory: "2048M"
                volumeMounts:
                  - name: licenses
                    mountPath: /opt/hivemq/license
                  - name: jdbc-drivers
                    mountPath: /opt/hivemq/extensions/hivemq-enterprise-security-extension/drivers/jdbc
            initContainers:
            - name: install
              image: alpine
              imagePullPolicy: IfNotPresent
              command: ["sh", "-c"]
              args:
              - |
                echo "Downloading jdbc driver to download dir..."
                wget -P /download/ https://jdbc.postgresql.org/download/postgresql-42.6.0.jar
                mv /download/postgresql-42.6.0.jar /download/postgresql.jar
                chmod 444 /download/postgresql.jar
                ls /download -la
              volumeMounts:
              - name: jdbc-drivers
                mountPath: "/download/"
            volumes:
              - name: licenses
                secret:
                  secretName: hivemq-license
              - name: jdbc-drivers
                emptyDir: {}

      Deploy HiveMQ:

      Code Block
      helm upgrade --install -f hivemq_values.yaml <installation name> hivemq/hivemq-platform --set-file config.overrideStatefulSet=files/stateful-set-spec.yaml -n <namespace>
    2. To edit hivemq_values.yaml instead, refer to the following example of overrideStatefulSet.

      Code Block
      ...
      config:
        create: false
        name: hivemq-configuration-hivemq-test
        overrideStatefulSet: |
          spec:
            replicas: 2
            template:
              spec:
                containers:
                  - name: hivemq
                    env:
                      - name: JAVA_OPTS
                        value: "-XX:+UnlockExperimentalVMOptions -XX:InitialRAMPercentage=50 -XX:MaxRAMPercentage=50"
                    image: "docker.io/hivemq/hivemq4:4.24.0"
                    imagePullPolicy: IfNotPresent
                    ports:
                      - name: mqtt-1883
                        containerPort: 1883
                      - name: cc-8080
                        containerPort: 8080
                        # Metric container ports are not configurable right now
                      - name: metrics-9399
                        containerPort: 9399
                    resources:
                      limits:
                        cpu: "1024m"
                        memory: "2048M"
                      requests:
                        cpu: "1024m"
                        memory: "2048M"
                    volumeMounts:
                      - name: licenses
                        mountPath: /opt/hivemq/license
                      - name: jdbc-drivers
                        mountPath: /opt/hivemq/extensions/hivemq-enterprise-security-extension/drivers/jdbc
                initContainers:
                - name: install
                  image: alpine
                  imagePullPolicy: IfNotPresent
                  command: ["sh", "-c"]
                  args:
                  - |
                    echo "Downloading jdbc driver to download dir..."
                    wget -P /download/ https://jdbc.postgresql.org/download/postgresql-42.6.0.jar
                    mv /download/postgresql-42.6.0.jar /download/postgresql.jar
                    chmod 444 /download/postgresql.jar
                    ls /download -la
                  volumeMounts:
                  - name: jdbc-drivers
                    mountPath: "/download/"
                volumes:
                  - name: licenses
                    secret:
                      secretName: hivemq-license
                  - name: jdbc-drivers
                    emptyDir: {}

      Deploy HiveMQ:

      Code Block
      helm upgrade --install -f hivemq_values.yaml <installation name> hivemq/hivemq-platform -n <namespace>
  8. Check Pod Status:

    Verify that all hivemq pods are running.

    Code Block
    kubectl get pods -n <namespace>
  9. Verify Enterprise Security Extension Start:

    Check the hivemq.log to confirm successful ESE startup.

    Code Block
    kubectl logs <pod name> -n <namespace>
  10. Perform Quick Tests:

    Utilize the MQTT CLI to conduct quick tests.
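
The init container in step 7 installs the JDBC driver straight from a wget download without checking its integrity. The script below is an added example, not part of the original article or HiveMQ's own code, showing one way to install the jar only when its SHA-256 matches a pinned digest; the helper name install_verified and the variables DRIVER_URL and DRIVER_SHA256 are assumptions.

```shell
#!/bin/sh
# Added example (not HiveMQ's code): install the downloaded JDBC driver only
# when its SHA-256 equals a digest pinned by the operator.

# install_verified SRC DEST EXPECTED_SHA256   (hypothetical helper name)
# Match:    SRC becomes DEST with mode 444, returns 0.
# Mismatch: SRC is deleted, DEST is left untouched, returns 1.
install_verified() {
    src=$1 dest=$2 expected=$3
    [ -f "$src" ] || { echo "missing download: $src" >&2; return 1; }

    # The pin must be exactly 64 hex characters, so an unset or truncated
    # value can never compare equal to an empty digest.
    case $expected in
        ""|*[!0-9a-fA-F]*) echo "invalid pinned digest" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 1; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    # If sha256sum fails, actual is empty and the comparison fails closed.
    actual=$(sha256sum "$src" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src (got: $actual)" >&2
        rm -f "$src"
        return 1
    fi

    # Rename within the same directory so DEST only ever holds a verified file.
    chmod 444 "$src" && mv -f "$src" "$dest"
}

# Init-container entry point. DRIVER_URL and DRIVER_SHA256 are assumed
# environment variables; take the digest from a source you trust that is
# independent of the download itself. Skipped when they are not set.
if [ -n "${DRIVER_URL:-}" ] && [ -n "${DRIVER_SHA256:-}" ]; then
    wget -O /download/postgresql.jar.tmp "$DRIVER_URL" &&
        install_verified /download/postgresql.jar.tmp \
            /download/postgresql.jar "$DRIVER_SHA256" || exit 1
fi
```

In the StatefulSet override, this script would take the place of the wget, mv and chmod lines in the init container's args, with both variables supplied through the container's env. A non-zero exit keeps the init container from completing, so the HiveMQ container does not start with an unverified driver.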
